On Thu, 4 Jan 2007, John Rudd wrote:

> Dimitri Yioulos wrote:
> > First, I wish all a very happy and healthy New Year.
> >
> > I hope this is the proper place to ask this: several days ago, I upgraded
> > to Botnet-0.7 from 0.6; the latter had apparently been working fine with the
> > installed SA 3.1.7. I installed as per instruction (no heavy lifting
> > there). Now, no Botnet rules are ever hit, even though I suspect that some
> > particular spam has been sent via a bot. If I reinstall 0.6, I get rule
> > hits. What have I not done/done wrong?
> >
> > Thanks.
> >
> > Dimitri
>
> Do you get much output if you take one of the messages and do this (assuming
> you're on some form of unix):
>
> spamassassin -D < $message_file | grep -i botnet

I found a similar behaviour as described on a test server. Using

  spamassassin -D < $message_file 2>&1 | grep -i botnet

I found that in my case probably the default Botnet.cf configuration line

  # If there are trusted relays, then look to see if there's a
  # public IP address; if so, then pass the message through.
  botnet_pass_trusted public

is the cause since the test server receives the mails from a mail relay
that uses a private 172.x.x.x address.

Debug extract with the default configuration:

  dbg: Botnet: starting
  dbg: Botnet: found private trusted
  dbg: Botnet: skipping

But "undefining" the variable "botnet_pass_trusted" I got

  dbg: Botnet: starting
  dbg: Botnet: get_relay good RDNS
  dbg: Botnet: IP is '189.156.64.193'
  dbg: Botnet: RDNS is 'dsl-189-156-64-193.prod-infinitum.com.mx'
  dbg: Botnet: HELO is '!189.156.64.193!'
  dbg: Botnet: sender [EMAIL PROTECTED]
  dbg: Botnet: hit (baddns,client,ipinhostname,clientwords)
  dbg: rules: ran eval rule BOTNET ======> got hit

Greetings

Jens

--
Dr. Jens Schleusener            T-Systems Solutions for Research GmbH
Tel: +49 551 709-2493           Bunsenstr.10
Fax: +49 551 709-2169           D-37073 Goettingen
[EMAIL PROTECTED]               http://www.t-systems.com/
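
Added example (not part of the original thread and not code from the Botnet plugin): a shell helper that condenses the `dbg: Botnet:` lines of `spamassassin -D` output into one verdict, so a skip caused by a trusted relay stands out from a genuine no-hit. The function names and the sample input are constructed here, modelled on the two debug extracts in the message above.

```shell
#!/bin/sh
# botnet_verdict: read `spamassassin -D` output on stdin and print one line
# saying what the Botnet plugin did with the message.
botnet_verdict() {
    awk '
        /dbg: Botnet: starting/ { started = 1; next }
        /dbg: Botnet: found .* trusted/ {
            # e.g. "found private trusted" -> remember "private trusted"
            sub(/.*dbg: Botnet: found /, ""); reason = $0; next
        }
        /dbg: Botnet: skipping/ { skipped = 1; next }
        /dbg: Botnet: hit \(/ {
            # keep only the comma-separated test names inside the parentheses
            sub(/.*dbg: Botnet: hit \(/, ""); sub(/\).*/, ""); hit = $0; next
        }
        END {
            if (!started)        print "not-run"
            else if (hit != "")  print "hit: " hit
            else if (skipped)    print "skipped: " (reason != "" ? reason : "unknown")
            else                 print "no-hit"
        }'
}

# Constructed sample input, modelled on the two debug extracts in the message.
sample_default() {
    cat <<'EOF'
dbg: Botnet: starting
dbg: Botnet: found private trusted
dbg: Botnet: skipping
EOF
}

sample_unset() {
    cat <<'EOF'
dbg: Botnet: starting
dbg: Botnet: get_relay good RDNS
dbg: Botnet: hit (baddns,client,ipinhostname,clientwords)
dbg: rules: ran eval rule BOTNET ======> got hit
EOF
}

sample_default | botnet_verdict
sample_unset   | botnet_verdict
# Real use: spamassassin -D < "$message_file" 2>&1 | botnet_verdict
```

A `not-run` verdict means no `dbg: Botnet: starting` line appeared at all, which points at the plugin not being loaded rather than at the `botnet_pass_trusted` setting.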